Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

View permission to check logged in members

Tags:

zope

plone

I'd like to limit a view in the Plone site root for logged in members only.

Which permission I should check?

For the clarification I'd like to use this permission as Zope 3 view config and have something which works by default. I don't want to create and assign a permission to Authenticated myself if I can avoid the situation.

like image 558
Mikko Ohtamaa Avatar asked Dec 13 '22 01:12

Mikko Ohtamaa


2 Answers

There is no "authenticated" permission, all permissions are for specific actions only and if an authenticated user needs to be able to execute that action then you should assign the corresponding permission to the 'Authenticated' role.

To get a quick list of (Zope2 string-based) permissions for the 'Authenticated' role, use the following ZMI view:

http://localhost:8080/Plone/manage_roleForm?role_to_manage=Authenticated

where I assume you run your site on port 8080 and you named the Plone object Plone. It shows all permissions in a multi-select list with those currently assigned activated.

On a default site, this list is pretty meagre, only Set own password, Set own properties and Use external editor are assigned. For the first two, Zope3 equivalents are defined in Products.CMFCore; they are cmf.SetOwnPassword, and cmf.SetOwnProperties; the third one doesn't have a Zope3 equivalent at the moment, but would be easy to define, just add this to a ZCML file somewhere:

<permission
  id="plone.UseExternalEditor"
  title="Use external editor"
  />

Zope3 permissions are simply aliases for their Zope2 counterparts using valid python ids.

I really do not know what you want to do with your view, but your best bet is to either find an appropriate permission and assign it to the 'Authenticated' role, or create a new permission.

The latter is really easy, actually.

Say I want to create a 'Access foo bar' permission, I'd simply register it directly with a Zope3 identifier in a ZCML file:

<permission
    id="foobar.AccessFooBar"
    title="Access foo bar"
    />

That's all there is to it; the "Access foo bar" permission will now be visible in the ZMI.

If you want to give this permission to specific roles by default, list them as contained elements:

<permission
    id="foobar.AccessFooBar"
    title="Access foo bar">
  <role name="Authenticated" />
</permission>

This only works for 'global' roles (defined at the Zope root), such as 'Manager', 'Anonymous' and 'Authenticated'.

Optionally, list it in a GenericSetup profile using the rolemap.xml file to assign this new permission to the Authenticated role:

<?xml version="1.0"?>
<rolemap>
  <permissions>
    <permission name="Access foo bar" acquire="False">
      <role name="Authenticated"/>
    </permission>
  </permissions>
</rolemap>

You'll need to use the latter only if you want to assign permissions defined at the Plone level, such as 'Site Administrator' or 'Editor'.

like image 53
Martijn Pieters Avatar answered Dec 14 '22 14:12

Martijn Pieters


In a stock Plone authenticated but not anonymous users may change their own password. You can use that permission. It is called:

cmf.SetOwnPassword

like image 31
do3cc Avatar answered Dec 14 '22 15:12

do3cc